For inquiries, please contact our Front Desk at fd@molawoffice.com or Admin at admin@molawoffice.com. You can also reach us by phone at +1 305-548-5020, option 1.

For traffic ticket assistance, visit molinatrafficticket.com.

2025 AI Law Year in Review: What Miami-Dade Businesses Need to Know for 2026

Executive summary: 2025 was the year AI law got real. The EU AI Act started to bite; California and New York passed the first U.S. “frontier model” safety statutes; Congress enacted the TAKE IT DOWN Act targeting non-consensual intimate deepfakes; courts issued milestone rulings on copyright and AI training; NIST dropped a draft Cyber AI Profile to map security controls; and the FTC turned up enforcement on AI-turbocharged deception. If you buy, build, or deploy AI in 2026, these moves change your contracts, product governance, and risk posture—especially if you operate in Florida but touch California, New York, or the EU. (Digital Strategy)

1) EU AI Act: key dates hit in 2025 (and more arrive in 2026–27)

The EU AI Act entered into force on August 1, 2024, with staged application. Critically for U.S. companies with EU exposure: prohibited practices (e.g., social scoring, certain biometric uses) and AI literacy obligations began February 2, 2025; general-purpose AI (GPAI) obligations began August 2, 2025; full application lands August 2, 2026; and “high-risk” rules tied to regulated products have an extended transition to August 2, 2027. Map your EU-facing tools now. (Digital Strategy)

Action items: add EU AI Act representations to vendor contracts; request model/system cards and intended-use statements; and stage a gap analysis if any offering could be “high-risk” under EU law. (Digital Strategy)

2) Federal law: Congress targets non-consensual intimate deepfakes

The Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks (TAKE IT DOWN) Act became law in spring 2025. It criminalizes non-consensual intimate imagery (including AI-generated) and compels covered platforms to remove reported content within 48 hours. For businesses, this raises content-moderation, notice-and-takedown, and evidence-preservation stakes—especially if you host user content or ads. (AP News)

Action items: add a deepfake response clause to incident playbooks (rapid takedown, escalation, and record-keeping) and update website/app terms to reflect federal takedown rights and processes. (Congress.gov)

3) Landmark case law on AI training: Thomson Reuters v. ROSS

On February 11, 2025, the Delaware district court rejected a fair-use defense where Westlaw headnotes were used to train an AI legal research tool—framing a first major U.S. ruling on copyright liability for training. Expect plaintiffs to cite it heavily; appeals and other cases will continue to shape the edges. For counsel, it’s a signal to press vendors for training-data provenance and IP indemnities. (Loeb)

Also notable: In March 2025, the D.C. Circuit affirmed that works created without human authorship are not copyrightable (Thaler v. Perlmutter), reinforcing the human-authorship baseline. (Reuters)

4) Copyright Office: 2025 reports set the playbook

Part 2: Copyrightability (Jan 29, 2025) — reaffirms human authorship as required, while clarifying when AI-assisted works might qualify (e.g., original human selection/arrangement of AI elements). (U.S. Copyright Office)

Part 3: Generative AI Training (pre-publication May 2025) — provides a technical/legal analysis of training on copyrighted works, signaling that outcomes will be fact-specific; no blanket fair-use answer. Use it as a checklist for diligence conversations and policy design. (U.S. Copyright Office)

Action items: update creative/marketing workflows to log human contribution; require vendors to disclose training sources and licensing posture; and tune indemnities for output and training claims. (U.S. Copyright Office)

5) State leaders: California SB 53 and New York’s RAISE Act

California SB 53 (Transparency in Frontier AI Act) — signed Sept 29, 2025; effective Jan 1, 2026. Requires large frontier developers to publish safety frameworks, update them, and support incident reporting/whistleblower protections, among other transparency obligations. Expect downstream vendor disclosures to normalize around SB 53. (Governor of California)

New York RAISE Act — signed Dec 19, 2025; requires frameworks and 72-hour incident reporting for large AI developers, positioning NY next to CA and creating a bi-coastal baseline many enterprises will adopt nationally. (Governor Kathy Hochul)

Action items: if you rely on “frontier” vendors, bake framework publication, incident reporting, and change-control into your contracts. Track how CA/NY definitions map to your suppliers. (Baker Botts)

6) NIST security guidance: the Cyber AI Profile (Dec 2025)

NIST released an initial preliminary draft of the Cybersecurity Framework Profile for AI on Dec 16, 2025 (NISTIR 8596 iprd). It ties AI risks to NIST CSF controls—useful for procurement, audits, and DPAs. If you’re aligning to NIST already, this gives you a ready-made AI overlay for policies, SOC 2 narratives, and security exhibits. (NIST Publications)

Action items: require vendors to self-attest or map to NIST’s AI Profile, and mirror those controls in your internal SDLC for AI-enabled products and data flows. (NIST Publications)

7) FTC enforcement heat: fake reviews & impersonation

The FTC’s Consumer Reviews & Testimonials Rule (finalized 2024; effective Oct 21, 2024) became an active 2025 enforcement lever, with Dec 22, 2025 warning letters to 10 companies. In parallel, the FTC advanced impersonation rulemaking to address AI-enabled deepfakes and scams. If your marketing stack uses AI, you need tight review governance, disclosure, and brand-protection protocols. (Federal Trade Commission)

Action items: ensure review sourcing is auditable; ban undisclosed AI-generated testimonials; and stand up impersonation response plans (legal + brand) for deepfake voice/image incidents. (Federal Trade Commission)

8) Elections & deepfakes: states keep legislating (Florida note)

States accelerated deepfake legislation across sexual imagery, elections, and platform duties. New Jersey criminalized deceptive AI media; trackers show a sharp rise in deepfake-related enactments in 2025. Florida tightened its own deepfake/sexual-image laws (often called “Brooke’s Law”), adding takedown processes and criminal penalties effective Oct 1, 2025—important for Miami businesses managing user content and HR risk. (AP News)

Action items (Florida): train HR and social teams on rapid response; document a victim-assistance path (platform notices, preservation, law enforcement); and add employee handbook language on synthetic media harassment. (Florida Legislature)

Practical checklist for Q1 2026

Contract updates:

Representations for training data licensing + no training on your data without express consent.

EU AI Act and CA/NY-style disclosures (frameworks, incidents, whistleblower, audits).

Security schedule mapping to NIST Cyber AI Profile.

Content governance warranties for reviews/testimonials and impersonation response. (Digital Strategy)

Policy & training:

Publish an AI acceptable-use policy; define human-in-the-loop steps for critical outputs.

Require provenance/watermark checks for public-facing media.

Stand up a deepfake/defamation playbook (legal + comms). (NIST Publications)

Governance artifacts:

Maintain model/system cards, risk assessments, and incident logs for material AI features.

Track and document human authorship in creative workflows for copyright clarity. (U.S. Copyright Office)

“From the EU AI Act to California/NY frontier-model laws, the TAKE IT DOWN Act, and landmark copyright rulings, 2025 reset AI’s legal baseline. Here’s what Miami-Dade businesses should do in Q1 2026.”

Contact CTA

For legal help with AI contracts, vendor diligence, content/deepfake response, or compliance planning, contact Attorney Yoel Molina at admin@molawoffice.com, call (305) 548-5020 (Option 1), or message via WhatsApp at (305) 349-3637.